[Let's Encrypt] Can't create SSL certificate

Hello,

When I try to request a certificate for a domain, I get the following error:

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying webmail.feuerbiber.de...
webmail.feuerbiber.de verified!
Verifying www.webmail.feuerbiber.de...
www.webmail.feuerbiber.de verified!
Verifying mail.webmail.feuerbiber.de...
Wrote file to /home/feuerbiber.de/domains/webmail.feuerbiber.de/public_html/.well-known/acme-challenge/OMdsehjE0p_iYU2wLnEHeZYJZrXCd1-Vgu8Ap0X_guo, but couldn't download http://mail.webmail.feuerbiber.de/.well-known/acme-challenge/OMdsehjE0p_iYU2wLnEHeZYJZrXCd1-Vgu8Ap0X_guo
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 203, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 199, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 154, in get_crt
    domain, challenge_status))
ValueError: mail.webmail.feuerbiber.de challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'url': u'http://mail.webmail.feuerbiber.de/.well-known/acme-challenge/OMdsehjE0p_iYU2wLnEHeZYJZrXCd1-Vgu8Ap0X_guo', u'hostname': u'mail.webmail.feuerbiber.de', u'addressUsed': u'', u'port': u'80', u'addressesResolved': []}], u'keyAuthorization': u'OMdsehjE0p_iYU2wLnEHeZYJZrXCd1-Vgu8Ap0X_guo.kQAPzMel9ln5klX00ERlRvulFO9VE8DfmkAIqozXuY4', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/O900SjSYoDh7JlIg5uZbjwXv5_Apq9A9oFn76FTy2nQ/946378824', u'token': u'OMdsehjE0p_iYU2wLnEHeZYJZrXCd1-Vgu8Ap0X_guo', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'DNS problem: NXDOMAIN looking up A for mail.webmail.feuerbiber.de'}, u'type': u'http-01'}

There are a few irritations and questions at this point.

  1. I do not use the default DNS name for MX (setting in BIND Server Template) --> Why is the DNS record mail.webmail.feuerbiber.de set?
  2. I have disabled mail for the domain webmail.feuerbiber.de --> Why is the DNS record mail.webmail.feuerbiber.de set & why is mail.webmail.feuerbiber.de set by default in the request?
  3. There is no alias in the nginx config for mail.webmail.feuerbiber.de. So it will never work without manual adjustment.

Best regards, Patrick Niebeling

Status: Active

Comments

Can this be worked around by just entering webmail.feuerbiber.de on the Let's Encrypt form rather than using the automatic list of hostnames?

Sure, this is a possible workaround. But it would be nice if you can fix it soon.
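
The failure reported in this thread and the workaround of requesting only the working hostnames, as an added example (not part of the original thread, and not Webmin's or acme_tiny's code): it pulls the failing hostname and ACME error out of the acme_tiny.py failure line and splits a candidate hostname list into names that resolve and names that do not. The function names are hypothetical and the sample line is a shortened copy of the one in the post.

```python
import ast
import re
import socket

# Constructed sample: shortened form of the acme_tiny.py failure line from the post.
SAMPLE = (
    "ValueError: mail.webmail.feuerbiber.de challenge did not pass: "
    "{u'status': u'invalid', u'type': u'http-01', "
    "u'error': {u'status': 400, u'type': u'urn:acme:error:connection', "
    "u'detail': u'DNS problem: NXDOMAIN looking up A for mail.webmail.feuerbiber.de'}}"
)

FAILURE = re.compile(r"ValueError: (\S+) challenge did not pass: (\{.*\})\s*$")


def parse_failure(line):
    """Return (hostname, error type, detail) from a failure line, or None."""
    match = FAILURE.search(line)
    if not match:
        return None
    try:
        # The dict is a Python 2 repr; u'' literals still parse under Python 3.
        challenge = ast.literal_eval(match.group(2))
    except (ValueError, SyntaxError):
        return None
    error = challenge.get("error", {})
    return match.group(1), error.get("type"), error.get("detail")


def resolves(hostname):
    """True if the local resolver returns at least one address for the name."""
    try:
        return bool(socket.getaddrinfo(hostname, 80, type=socket.SOCK_STREAM))
    except socket.gaierror:
        return False


def split_hostnames(candidates, resolver=resolves):
    """Split candidate certificate names into (requestable, unresolvable)."""
    requestable, unresolvable = [], []
    for name in candidates:
        (requestable if resolver(name) else unresolvable).append(name)
    return requestable, unresolvable


if __name__ == "__main__":
    print(parse_failure(SAMPLE))
    print(split_hostnames(["webmail.feuerbiber.de", "www.webmail.feuerbiber.de",
                           "mail.webmail.feuerbiber.de"]))
```

A local lookup can differ from what the CA's resolvers see, so this is a pre-check before submitting the request, not a guarantee that validation will pass.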